What is Shadow IT?

The term “shadow IT” has an ominous sound, but it’s really quite basic. In this case, we are not referring to the management of information technology, but to the technology itself. In short, shadow IT is any technology that is used on a private network (such as a business network) without the approval of the IT department. Unfortunately, this is a common practice…and one that can open up a whole host of security holes. Let’s talk a little more about shadow IT and what it means for you and your organization.

How Common Is This Problem?

Apparently, shadow IT is all over the place these days. When you consider the huge number of software tools out there and combine that with their easy availability, this should be no surprise. Even if your company has an approved alternative, some people can’t help but go with their personal preferences.

According to this security report from Frost & Sullivan, about 80% of employees admit that they have used unsanctioned apps at one time or another. That is a pretty serious figure because it only measures the number of people who will admit to breaking the rules. Thus, we can assume that the actual figure is at least 85%.

For confirmation, we decided to look for some alternate statistics. We found some numbers from Cisco, and they match up with our previous figures. This report says that 80-83% of all employees make use of shadow IT in some way. This report also tells us that only 8% of the companies surveyed are aware of the number of shadow IT resources being used on their network. Thus, we can see that this is a common and oft-overlooked issue.

Dealing With The Shadow IT Problem

When it comes to unsanctioned apps and devices, you basically have three choices:

  1. Disallow all of these resources and block them at the router or server level
  2. Allow the use of unsanctioned apps, but only in specific cases
  3. Ignore the problem and let people use whatever apps/devices they want

Naturally, option number three is the worst of the bunch. Ignoring the problem can be very costly because of the security vulnerabilities that will be opened. These unsanctioned apps and devices probably won’t be up to your usual security standards, giving criminals a weak point by which to gain entry. Even if someone has attempted to secure those unsanctioned resources, they may not be compatible with your methods and/or infrastructure.

Option number two might be a viable solution, as it allows some flexibility for the employees without abandoning the rules altogether. One way to implement this idea would be to figure out which unsanctioned resources are being used by your employees. You can then evaluate these options one by one, blocking the use of those which are found to be unsafe.

When you block a particular tool, make sure that you present a safer alternative. You could also use a virtual system to allow people to use unsanctioned apps in a “sandbox” environment. Thus, the unsanctioned resources can be utilized in a place that is separated from the rest of the network/system.

Finally, we have option number one: You can block the use of specific devices and apps at the router or server level, making it impossible to use these resources on your network. If you are a company that deals with a lot of high-confidentiality info, we would probably recommend this route. It does create some inconveniences but it is the safest path.

How To Manage Shadow IT Effectively

Regardless of which approach you might choose, it will take tools and intelligence to manage this matter correctly. The key phrase here is network visibility. The more thoroughly you can monitor your business network, the easier it will be to deal with shadow IT problems.

One common tool is a “packet sniffer,” also sometimes called a network sniffer. All internet traffic travels in the form of data packets, which allows data to be transmitted in small increments (which is more practical). Programs like Wireshark can be used to monitor the flow of packets, including the contents thereof.

Reviewing your firewall logs can also be of great help. Everything that connects to your network has to go through that firewall, and that firewall will keep logs regarding this traffic. Thus, you can look at the IP addresses that have been logged and see if any of them look suspicious.

It also helps to keep an up-to-date inventory regarding all the software and hardware that is authorized for use on the network. Obviously, this makes it easier to determine when an unauthorized resource is activated. There are also a large number of IDS (Intrusion Detection System) software applications that can improve network visibility immensely.
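The firewall-log review and the inventory check described above can be combined in one short script. This is an added example, not code from the original article; the key=value log format, the sample lines, and the approved and internal network ranges are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed inventory: networks of sanctioned services (constructed, RFC 5737 ranges).
# Note the /25: only 198.51.100.0-127 is approved, not the whole /24.
APPROVED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed sample lines in a generic key=value firewall log format.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z action=allow src=10.0.1.23 dst=192.0.2.10 dport=443
2024-05-01T09:12:09Z action=allow src=10.0.1.23 dst=203.0.113.50 dport=443
2024-05-01T09:13:41Z action=allow src=10.0.2.7 dst=198.51.100.200 dport=443
2024-05-01T09:14:02Z action=deny src=10.0.2.7 dst=203.0.113.50 dport=22
2024-05-01T09:15:30Z action=allow src=10.0.1.23 dst=203.0.113.50 dport=443
truncated line without fields
2024-05-01T09:16:00Z action=allow src=10.0.3.5 dst=not-an-ip dport=80
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return (src, dst, dport) for an allowed outbound connection, else None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("action") != "allow":
        return None
    try:
        src = ipaddress.ip_address(fields["src"])
        dst = ipaddress.ip_address(fields["dst"])
        dport = int(fields["dport"])
    except (KeyError, ValueError):
        return None  # malformed or incomplete entry
    if src not in INTERNAL_NET or dst in INTERNAL_NET:
        return None  # only internal -> external traffic is of interest
    return src, dst, dport

def unsanctioned_flows(log_text):
    """Count allowed outbound flows whose destination is not in the inventory."""
    hits = Counter()
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow and not any(flow[1] in net for net in APPROVED_NETS):
            hits[(str(flow[0]), str(flow[1]), flow[2])] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, dport), n in unsanctioned_flows(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}:{dport}  {n} connection(s), not in inventory")
```

Each flagged flow names the internal host to follow up with, and repeated connections to the same destination surface first.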

When shadow IT is detected on the system, you should immediately alert the person who is using that resource. Once they know that someone is watching, they will probably cease their unauthorized usage. By showing people that someone is indeed watching, you can create an excellent deterrent. Penalties should be light at first, but repeat offenders can be identified and dealt with properly.


In the end, shadow IT is a major security risk that most companies cannot afford. Of course, we should also mention one further thing that you can do to help the situation. In whatever way you can, you should encourage your IT team to streamline the process of application/software approval. It often takes IT departments a long time to go through this process, and that is why so many people just go ahead and act without approval. By quickening that approval process, you can help to create a situation in which people don’t even need to use shadow IT. If you would like to learn more about this or any other IT subject, you can call PCH Technologies at (856) 754-7500.